This activation corresponds to the deviation from the nominal trace:
- either as an internal error when only the state vector Z is altered:

$$\Phi(d, y, f; t) = (z', u; t+1) \neq (z, u; t+1) \qquad (8.2)$$

where $z'(\cdot)$ denotes an internal state distinct from the nominal one;
- or as an error impacting the service delivered when the vector from U is also altered (which thus corresponds to the failure of the target system):

$$\Phi(d, y, f; t) = \begin{cases} (z, u'; t+1) \neq (z, u; t+1) \\ (z', u'; t+1) \neq (z, u; t+1) \end{cases} \qquad (8.3)$$

where $u'(\cdot)$ denotes an output distinct from the nominal one $u(\cdot)$.
This modeling frame is also useful to describe the equivalence of the impact on the behavior caused by a fault and by an erroneous state, as follows:

$$\Phi(d, y, f; t) = \Phi(d, y', f'; t) \qquad (8.4)$$
Another useful refinement is related to the fact that the evolution of a system does not depend at any time on all its internal states. This leads to partitioning the state sets Y and Z so as to distinguish:
- $Y_d$ and $Z_d$, the dynamic part, characterizing the state variables that actually impact the evolution of the behavior of the system at time $t$;
- $Y_s$ and $Z_s$, the static part, including the variables that are not sensitized at time $t$.
Such a distinction is useful in practice to account for dormant faults and latent errors. In particular, it is essential to describe the evolution of the erroneous behavior caused by a transient fault after it has disappeared:

$$\Phi(d, y_d, y_s, f; t) = (z_d, z'_s, u; t+1) \;\Rightarrow\; \Phi(d, y_d, y_s, f'; t) = (z, u; t+1) \qquad (8.5)$$
Clearly, dormant faults may not create erroneous behaviors, and not every erroneous state necessarily causes a failure. This has a direct impact on the controllability required for the definition of the fault/error injection method, so that it produces an error set suitable to sensitize the FTMs, and on the observability, in particular with respect to the control of the activation of the injected fault as an error and of the subsequent errors induced by its propagation. Moreover, it is helpful for the design and implementation of the fault-tolerant system, since in practice it is necessary neither to observe nor to recover all of the system's states, which is especially important for the observation of the reaction of the target system in the presence of injected faults.
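The following is an added example written for this page, not code from the book: a toy two-variable system whose transition function $\Phi(d, y, f; t) \to (z, u; t+1)$ is run in lock-step with its nominal twin, so that each step can be classified as no deviation, internal error (8.2) or failure (8.3), and a transient fault on the static part is seen to stay latent until an input sensitizes it (8.5). The variable names `acc` and `cfg`, the input alphabet and the bit-flip fault model are all constructed assumptions.

```python
# Added example (not the book's code): a toy two-variable system whose transition function
# Phi(d, y, f; t) -> (z, u; t+1) runs beside its nominal twin. Names, inputs and the fault
# model are constructed; cfg is the static part, read only on an "apply" input.
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class State:
    acc: int  # y_d: dynamic part, read at every step
    cfg: int  # y_s: static part, sensitized only by the "apply" input

def phi(d: str, y: State, f: Optional[str]) -> Tuple[State, int]:
    """One transition. f names the variable hit by a transient bit flip at this step."""
    if f == "acc":
        y = State(y.acc ^ 0x1, y.cfg)   # flip a low bit that the output masks out
    elif f == "cfg":
        y = State(y.acc, y.cfg ^ 0x4)   # corrupt the static configuration word
    if d == "inc":
        z = State(y.acc + 1, y.cfg)
    elif d == "apply":
        z = State(y.acc + y.cfg, y.cfg)  # here y_s joins the dynamic part
    else:                                # "reset" overwrites acc: a flip there stays dormant
        z = State(0, y.cfg)
    return z, z.acc >> 2                 # u: delivered service is acc without its low bits

def classify(nominal: Tuple[State, int], faulty: Tuple[State, int]) -> str:
    """Compare one step's (z, u) with the nominal trace: the cases distinguished in the text."""
    (z, u), (z_err, u_err) = nominal, faulty
    if u_err != u:
        return "failure"          # (8.3): the delivered service deviates
    if z_err != z:
        return "internal error"   # (8.2): only the state vector differs
    return "no deviation"         # fault not activated (dormant) or error overwritten

def run(inputs: List[str], fault_at: Tuple[int, str]) -> List[str]:
    """Drive nominal and faulty copies in lock-step; the fault is transient (one step only)."""
    y_nom = y_err = State(0, 0)
    verdicts = []
    for t, d in enumerate(inputs):
        f = fault_at[1] if fault_at[0] == t else None
        nom, err = phi(d, y_nom, None), phi(d, y_err, f)
        verdicts.append(classify(nom, err))
        y_nom, y_err = nom[0], err[0]
    return verdicts

if __name__ == "__main__":
    # (8.5) latent error: the cfg flip at t=0 is only an internal error until "apply" sensitizes it
    print(run(["inc", "inc", "apply", "inc"], (0, "cfg")))
    print(run(["reset", "inc"], (0, "acc")))   # dormant: the flipped bit is overwritten
    print(phi("inc", State(0, 0), "acc") == phi("inc", State(1, 0), None))
```

The last line checks the equivalence of (8.4): a fault at time t and the corresponding erroneous state with no fault yield the same (z, u).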